@Rackspace you should change your configuration on the email platform. This way the 'source' of the email compromise would be visible. Include the IP Address of the authenticated sender. Authenticated sender: billing4-AT-camelbackwomenshealth.]com), sending fake payment info.
